Hi!
The relabeling was done by touching /.autorelabel.
I followed the advice and ran:
[root@shiva music]# restorecon -R -v /var/log
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context
/var/log/samba/#######.log->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context /var/log/samba/#######->system_u:object_r:var_log_t
restorecon reset context
/var/log/Xorg.0.log.old->system_u:object_r:var_log_t
restorecon reset context /var/log/Xorg.0.log->system_u:object_r:var_log_t
restorecon reset context
/var/log/squid/store.log->system_u:object_r:squid_log_t
restorecon reset context
/var/log/squid/access.log->system_u:object_r:squid_log_t
restorecon reset context
/var/log/squid/cache.log->system_u:object_r:squid_log_t
restorecon reset context
/var/log/squid/squid.out->system_u:object_r:squid_log_t
restorecon reset context /var/log/gdm/:0.log->system_u:object_r:var_log_t
restorecon reset context /var/log/gdm/:0.log.3->system_u:object_r:var_log_t
restorecon reset context /var/log/gdm/:0.log.1->system_u:object_r:var_log_t
restorecon reset context /var/log/gdm/:0.log.2->system_u:object_r:var_log_t
restorecon reset context /var/log/gdm/:0.log.4->system_u:object_r:var_log_t
[root@shiva music]# ls -lZ /var/log/squid/
-rw-r--r-- squid squid system_u:object_r:squid_log_t access.log
-rw-r--r-- squid squid system_u:object_r:squid_log_t cache.log
-rw-r--r-- squid squid system_u:object_r:squid_log_t squid.out
-rw-r--r-- squid squid system_u:object_r:squid_log_t store.log
[root@shiva music]# service squid restart
Stopping squid: /etc/init.d/squid: line 82: 8548
Aborted $SQUID -k check >>/var/log/squid/squid.out 2>&1
[FAILED]
Starting squid: /etc/init.d/squid: line 53: 8549
Aborted $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
[FAILED]
[root@shiva music]# dmesg | tail
audit(1130420511.344:0): avc: denied { getattr } for pid=8548
exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8
ino=185872 scontext=root:system_r:squid_t
tcontext=system_u:object_r:bin_t tclass=file
audit(1130420511.595:0): avc: denied { getattr } for pid=8549
exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8
ino=185872 scontext=root:system_r:squid_t
tcontext=system_u:object_r:bin_t tclass=file
Some values were hashed out for obvious reasons.
Thanks again for your input. It is appreciated.
God bless.
Daniel J Walsh wrote:
Jayendren Anand Maduray wrote:
Hi!
Just noticed more errors!
Here is the output:
audit(1130392269.590:0): avc: denied { append } for pid=3218
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
tclass=file
audit(1130392269.590:0): avc: denied { append } for pid=3218
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
tclass=file
audit(1130392270.019:0): avc: denied { getattr } for pid=3218
exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav
dev=hda8 ino=185872 scontext=user_u:system_r:squid_t
tcontext=system_u:object_r:bin_t tclass=file
Looks like you labeled /var/log/squid incorrectly. Run the following to reset the labels to the policy defaults:
restorecon -R -v /var/log
Also:
[root@shiva jay]# ls -lZ /var/log/squid/
-rw-r--r-- squid squid system_u:object_r:bin_t
access.log
-rw-r--r-- squid squid system_u:object_r:bin_t cache.log
-rw-r--r-- squid squid system_u:object_r:bin_t squid.out
-rw-r--r-- squid squid system_u:object_r:bin_t store.log
[root@shiva jay]# service squid restart
Stopping squid: /etc/init.d/squid: line 82: 5108
Aborted $SQUID -k check >>/var/log/squid/squid.out 2>&1
[FAILED]
Starting squid: /etc/init.d/squid: line 53: 5109
Aborted $SQUID $SQUID_OPTS >>/var/log/squid/squid.out
2>&1
[FAILED]
Please note that I re-enabled SELinux for squid via
system-config-security in FC3.
Any help will be appreciated.
God bless.
Daniel J Walsh wrote:
Jayendren Anand Maduray wrote:
Thanks for your help, again!
Here is the output:
[root@shiva jay]# chcon -t bin_t /usr/local/squidclamav/bin/*
You have mail in /var/spool/mail/jay
[root@shiva jay]#
[root@shiva jay]# ls -lZ /usr/local/squidclamav/bin
-rwxr-xr-x root root system_u:object_r:bin_t
squidclamav
I will reboot, and check the system as it starts up.
Currently, I use system-config-securitylevel to re-enable squid.
Which file can I edit to do this from the command line?
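setsebool and getsebool are command-line tools for manipulating
booleans.
setsebool -P squid_disable_trans=1
Enables SELinux enforcement and writes this to the defaults file
/etc/selinux/SELINUXTYPE/booleans.local
[Note: the value shown has the opposite effect to the description. As the boolean's name says, squid_disable_trans=1 turns the squid domain transition off, so squid runs without SELinux confinement; a value of 0 keeps squid confined. -P makes the setting persistent across reboots. Check the current value with getsebool squid_disable_trans before and after the change.]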
--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
IT Administrator
Perinatal HIV Research Unit
Old Potch Road
Chris Hani Baragwanath Hospital
Soweto
South Africa
Tel: +27 11 989 9776
Tel: +27 11 989 9999
Fax: +27 11 938 3973
Cel: 082 22 774 94
Alternate email address: jayendren@xxxxxxxxxx